SUSE SLES15 Security Update : freerdp (SUSE-SU-2026:0421-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0421-1 advisory. - CVE-2026-22852: a malicious RDP server can trigger a heap-buffer-overflow in audinprocessformats bsc1256718. - CVE-2026-22854:...
CVE-2025-55732 Frappe has the possibility of SQL Injection due to improper validations
Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...
CVE-2025-55731 Frappe has the possibility of Authenticated SQL Injection due to improper validations
Frappe is a full-stack web application framework. A carefully crafted request could extract data that the user would normally not have access to, via SQL injection. This vulnerability is fixed in 15.74.2 and 14.96.15...
Frappe has possibility of SQL injection due to improper validations
Impact: SQL injection could be achieved via a specially crafted request, which could allow a malicious person to gain access to sensitive information. Workarounds: Upgrading is required; no other workaround is present...
Improper Validations
Jenkins Digital.ai App Management Publisher Plugin is vulnerable to Improper Validations. The vulnerability exists due to not performing permission checks in several HTTP endpoints which allows an attacker with read or overall permissions to capture sensitive data such as stored credentials...
Heap-based Buffer Overflow
libgpac.so is vulnerable to Heap-based Buffer Overflow. The vulnerability exists in mp3dmxprocess function of filters/reframemp3.c due to improper validations of buffer size which allows an attacker to cause an overflow resulting in an application crash...
Remote Code Execution (RCE)
Apache Flume is vulnerable to remote code execution. The vulnerability exists due to improper validation of the JMS source and provider URL: an attacker can use the JMS source with an unsafe provider URL, causing arbitrary code execution...
Cross-Site Scripting (XSS)
Apache JSPWiki is vulnerable to cross-site scripting. The vulnerability exists in jspInit function in XHRHtml2Markup.jsp due to improper validations, allowing an attacker to inject and execute malicious scripts via a crafted request and gain access to sensitive information...
Privilege Escalation
com.liferay.portal is vulnerable to privilege escalation. Remote authenticated attackers are able to gain access to view sensitive user information by accessing a list of sites and groups via the site membership assignment UI, due to improper validations of user permissions...
SUSE: Security Advisory (SUSE-SU-2019:2975-1)
The remote host is missing an update for the...
Updated squid packages fix security vulnerabilities
Potential remote code execution during URN processing CVE-2019-12526. Multiple improper validations in URI processing CVE-2019-12523, CVE-2019-18676. Cross-Site Request Forgery in HTTP Request processing CVE-2019-18677. Incorrect message parsing which could have led to HTTP request splitting issu...
openSUSE Security Update : squid (openSUSE-2019-2541)
This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. -...